From 3823c72af11f77b9639176921b398fbab2ac04fd Mon Sep 17 00:00:00 2001 From: Tlacenka Date: Wed, 18 Oct 2017 12:55:58 +0200 Subject: Add Extra CAs (custom post-provision action) (#801) * add cas: playbook adding new CAs created * add CAs: README updated, bug fixes * README: improvements * README: minor fixes * README: removed code snippet * README: fix --- playbooks/provisioning/openstack/README.md | 11 +++++++++++ playbooks/provisioning/openstack/custom-actions/add-cas.yml | 13 +++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 playbooks/provisioning/openstack/custom-actions/add-cas.yml diff --git a/playbooks/provisioning/openstack/README.md b/playbooks/provisioning/openstack/README.md index a277047e1..f11a9bd73 100644 --- a/playbooks/provisioning/openstack/README.md +++ b/playbooks/provisioning/openstack/README.md @@ -629,6 +629,16 @@ Example usage: ansible-playbook -i openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions/add-docker-registry.yml --extra-vars '{"registries": "reg1", "insecure_registries": ["ins_reg1","ins_reg2"]}' ``` +#### Adding extra CAs to the trust chain + +This playbook is also located in the [custom-actions](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions) directory. +It copies passed CAs to the trust chain location and updates the trust chain on each selected host. + +Example usage: +``` +ansible-playbook -i openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions/add-cas.yml --extra-vars '{"ca_files": [, ]}' +``` + Please consider contributing your custom playbook back to openshift-ansible-contrib! A library of custom post-provision actions exists in `openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions`. Playbooks include: @@ -636,6 +646,7 @@ A library of custom post-provision actions exists in `openshift-ansible-contrib/ * [add-yum-repos.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-yum-repos.yml): adds a list of custom yum repositories to every node in the cluster * [add-rhn-pools.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-rhn-pools.yml): attaches a list of additional RHN pools to every node in the cluster * [add-docker-registry.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-docker-registry.yml): adds a list of docker registries to the docker configuration on every node in the cluster +* [add-cas.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-rhn-pools.yml): adds a list of CAs to the trust chain on every node in the cluster ### Install OpenShift diff --git a/playbooks/provisioning/openstack/custom-actions/add-cas.yml b/playbooks/provisioning/openstack/custom-actions/add-cas.yml new file mode 100644 index 000000000..b2c195f91 --- /dev/null +++ b/playbooks/provisioning/openstack/custom-actions/add-cas.yml @@ -0,0 +1,13 @@ +--- +- hosts: cluster_hosts + become: true + vars: + ca_files: [] + tasks: + - name: Copy CAs to the trusted CAs location + with_items: "{{ ca_files }}" + copy: + src: "{{ item }}" + dest: /etc/pki/ca-trust/source/anchors/ + - name: Update trusted CAs + shell: 'update-ca-trust enable && update-ca-trust extract' -- cgit v1.2.3